Information Security Engineer III

• About Our Client:

The organization operates in the mission-critical services and solutions sector, supporting Fortune 100 companies and over 500 governments. It addresses complex challenges by delivering services that create significant outcomes for clients and the populations they serve. The organization emphasizes a culture that values individuality and impact.

• About the Opportunity:

The Information Security Engineer III plays a key role within the NIST CISO Audit & Assurance team, focusing on internal audits and compliance with applicable security standards, regulations, and policies. This role ensures the integrity, confidentiality, and availability of information, applications, and infrastructure for assigned business units. The position drives risk assessments, audits, and vulnerability management to identify and remediate risks and control gaps. It also develops clear and actionable security reports, policies, and recommendations, contributing to the overall security posture and regulatory compliance of the organization.

• Responsibilities:

• Assist in internal audits to ensure compliance with security standards and policies

• Perform risk assessments, security audits, and vulnerability scans

• Develop security reports, recommendations, and policies for various audiences

• Collect, review, archive, and monitor security logs and automated alerts (IPS/IDS, FIM, firewalls, malware, rogue wireless, system health, exploit attempts)

• Participate in audit, compliance, and regulatory functions, including NIST 800-53, ISO 27001/2, PCI-DSS, and privacy laws

• Manage vulnerability programs including scans, penetration tests, documentation, and remediation

• Monitor security vulnerabilities and patches, applying risk-based mitigation recommendations

• Coordinate incident response, remediation, and security improvements with business units and IT teams

• Serve as initial contact for security audits and client requests

• Support business continuity and disaster recovery plans, tests, and improvements

• Maintain documentation for annual security compliance attestations related to assigned business units

• Requirements:

• 4 to 5 years of experience in IT Security or Security Auditing

• Security/IT audit certifications such as CIPP, CRISC, CISA, CISSP, CISM, ISO preferred

• Strong knowledge of security controls across domains including access management, encryption, and network security

• Ability to identify security risks and assess organizational impact, recommending mitigations

• Familiarity with security technologies, devices, and threat countermeasures

• Experience developing meaningful, defensible security reports, policies, and procedures

• Knowledge of multiple security frameworks (NIST 800-series, ISO 27000-series, PCI DSS, HIPAA, HITRUST, FISMA, FedRAMP)

• Proficiency with PowerPoint, Word, Excel; experience with Visio and MS Project

• Effective communication skills in writing, presentations, and interpersonal interactions

• Familiarity with security and collaboration tools such as Nessus Tenable, Splunk, SharePoint, ServiceNow is a plus

• Self-starter with a positive attitude, able to work independently and collaboratively at all organizational levels

Preferred:

• Experience creating and maintaining NIST 800-53-rev5 based SSP and POAM

• Pay Range and Compensation Package:

• The pay range and compensation package for this role will be determined based on the candidate’s experience, skills, and other relevant factors.

• Benefits & Perks:

• Remote work options to support work-life balance

• Comprehensive health and welfare benefits effective from day one

• Retirement savings programs

• Employee discounts on merchandise, services, and travel

• Career growth opportunities within a global organization

Equal Opportunity Statement: Our client is an equal opportunity employer. They celebrate diversity and are committed to creating an inclusive environment for all employees. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, or national origin.

Note:

RemoteHunter is not the Employer of Record (EOR) for this role. Our purpose in this opportunity is to connect exceptional candidates with leading employers. We help job seekers worldwide discover roles that match their goals and guide them to complete their full application directly through the hiring company’s career page or ATS.